I'm thinking that when I upgrade my kernel (down the road) it will just be a matter of replacing the bzImage and that's it. Does that sound right?

Now I just need to figure out how to make this work with a gpg key on a usb stick... when and if I get the money for that I'll probably give it a shot. If anybody wanted to write a howto for that that would be even cooler.

I'm not sure I have the expertise to write an ebuild for the modified util-linux, but if I (or somebody) did would it be an appropriate thing to put into portage?

Perhaps you should submit the whole clean install onto an encrypted partition procedure to the alternative install guide.

Anyway, good work!

maybe i will add gpg and the usb stick thing to the howto. i already have some experience with that.

First thanks a lot for your guide, it was very helpful. I have all of my partitions encrypted with the exception of /boot and I really don't notice any slowdown at all.

I know I would also greatly appreciate it if you added some information about working with gpg/a usb stick. I don't think there is as much information about that on the internet and I am trying to figure out what is the correct way to do it. Thanks

you are welcome!
yesterday i ordered a sony memory stick on ebay (cause my vaio has a memory stick reader). and guess why i bought it as soon as it will arrive and as i got it working, i will give a message here. it is not hard at all, i think!

I have been playing around with encryption and by using hulk2nd's great guide along with the loop-AES.README I have setup an encrypted root partition using a gpg encrypted key. I thought I would add on to his guide with how I setup my system.

All I basically did is put the loop-AES.README into an easier to read format. I would highly suggest reading the entire thing before attempting to encrypt your hard drive. Also a current backup of your hard drive definitely helps.

7j) Build /boot/initrd.gz
Follow the bottom part of 2c) create the ramdisk to setup and execute your build-initrd.sh with the following changes:
-change USEGPGKEY to 1
-leave USEMODULE set to 1
I would note that I have used both AES128 and AES256 on the same system at different times and in my desktop usage I noticed no difference between the two as far as slowdown.

7k) Modify /etc/fstab
Use the same procedure as in 2d) modifying /etc/fstab

7l) Edit grub.conf / lilo.conf
Use the same procedure as in 2e) modifying your grub.conf
NOTE: if you use lilo read the top of build-initrd.sh for instructions on how to setup lilo

7m) Do the actual encryption using some sort of bootable CD:
First reboot onto Knoppix/Gentoo LiveCD or some other form of bootable CD so your root partition will not be mounted. Then do the following steps:

wow, this is awesome!
thanks for these additions! of course i will update the howto with this information (btw, thank you for keeping the same "layout" as the original howto, this makes it much easier). i'm sure several people are very interested in this!

I have another question, I just want to encrypt one partition or filesystem, where I can "host" the home directory for example.
I used the search function, but I did not find good results for the 2.6 kernel. I have the cryptoloop function compiled in. What steps do I have to take?

I wanted to post an update regarding encryption using a gpg encrypted key. After some reading I have not found a way to use the key to encrypt swap with. Therefore it seems that swap is encrypted the same way as normal (step 4) in hulk2nd's guide, which works fine.

so i'm right back from holidays and finally got my memory stick, but unfortunately i can't boot from it. obviously i can't boot from any external device like a usb stick. that is really bad but that's how it is, so no update for the howto in this case at least from my side.

I messed it up
I must have made the same typo twice while entering the pass-phrase because it doesn't work. I tried all common typos of that password that I can think of. I just can't get access to the root partition.
I probably have to re-install... but I'm just making sure that there isn't something I can do.

hmm, that is strange cause you have to type the passphrase twice if you used the parameter 'T' in the losetup command. what error do you get? does it also not work with the knoppix cd? (maybe there is another keyboard layout)
maybe you had caps lock or num enabled?

no problem!
have a look at the build-initrd.sh. you can enable the option to use another keyboard layout. it's not hard at all. just enable that option and copy the layout over to your /boot partition and you are done.

7. Encrypt your current root partition using a gpg encrypted key.

Is there a way that the encrypted Root FS does not need a password? For instance, I already have my gpg Private Key on floppy, is there a way that the boot process verifies that the floppy in the drive has the proper gpg key and decrypts the FS w/o user intervention enabling me to unlock the FS by inserting the floppy before PowerOn? Thus allowing me to restart the Server remotely as long as the floppy is in the Server's Drive?

but when mounting my backup DVDs (yes correct password, i have correct cipher set )

Code:

$ mount /mnt/ecd
Password:
mount: wrong fs type, bad option, bad superblock on /dev/loop0,
or too many mounted file systems
(could this be the IDE device where you in fact use
ide-scsi so that sr0 or sda or so is needed?)
$

I tried without the root=/dev/ram0 option, and with root=/dev/loop5, with no luck on that front. I double checked my kernel config (2.6.1) and I've got all the options specified, triple checked ram disk support and initrd support, both are as they should (with automount option).

Could this have anything to do with that I'm running SCSI drives?

Any suggestions? Luckily I'm doing this on my laptop

**** Scratch all that above, found the problem. In my grub.conf I had incorrectly specified minux filesystem, instead of minix!

typed linux way too many times I think... Booting up like a champ now. Perhaps this message will help somebody else..
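Added example (not code from this thread, from hulk2nd's howto or from loop-AES itself): a small pre-reboot sanity check for the two files that steps 7k and 7l edit, of the kind that would have caught the "minux" for "minix" typo above before it cost a reboot. The mount option names (loop=, encryption=, gpgkey=) follow the loop-AES.README; the list of accepted ciphers and root filesystem names, the function names, and the sample lines are constructed for the example.

```shell
# check_loopaes_fstab "<fstab line>"
# Prints "ok" when the line names a loop device, a supported AES cipher
# and, if a gpgkey= is given, a readable key file; otherwise prints why.
check_loopaes_fstab() {
    line=$1
    set -- $line            # split the fstab line into its six fields
    opts=$4
    case ",$opts," in
        *,loop=*) ;;
        *) echo "no loop= option"; return 1 ;;
    esac
    case ",$opts," in
        *,encryption=AES128,*|*,encryption=AES192,*|*,encryption=AES256,*) ;;
        *) echo "missing or unsupported encryption= cipher"; return 1 ;;
    esac
    key=$(printf '%s\n' "$opts" | tr ',' '\n' | sed -n 's/^gpgkey=//p')
    if [ -n "$key" ] && [ ! -r "$key" ]; then
        echo "gpgkey file $key is not readable"
        return 1
    fi
    echo ok
}

# check_grub_rootfstype "<grub kernel line>"
# Catches a mistyped rootfstype= before the box is rebooted on it.
# The accepted list is an assumption for this example, not taken
# from the kernel.
check_grub_rootfstype() {
    fs=$(printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^rootfstype=//p')
    if [ -z "$fs" ]; then
        echo "no rootfstype= on the kernel line"
        return 1
    fi
    case "$fs" in
        minix|ext2|ext3|reiserfs|xfs|jfs) echo ok ;;
        *) echo "unknown rootfstype '$fs'"; return 1 ;;
    esac
}

# Usage on the real files (paths assumed):
#   grep -v '^#' /etc/fstab | grep 'loop=' | while read -r l; do check_loopaes_fstab "$l"; done
#   grep '^[[:space:]]*kernel' /boot/grub/grub.conf | while read -r l; do check_grub_rootfstype "$l"; done
```

Run it from the LiveCD before rebooting into the encrypted root, so that a bad option in fstab or grub.conf is caught while the unencrypted rescue environment is still up.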